This repository accompanies the paper "Payload Analysis of Adversaries’ Tooling: Automated Identification of Fuzzers," submitted to the IEEE Transactions on Information Forensics & Security.
A pre-print version of the paper is now publicly available for reference:
Payload Analysis of Adversaries’ Tooling: Automated Identification of Fuzzers (Pre-print)
The repository includes:
- Dataset: Payloads generated during experimentation using APIFuzzer, Kiterunner, RESTler, and Schemathesis on the five APIs developed for this study.
- Source Code: Implementation of the combined deep learning and machine learning architecture for payload analysis and classification.
- Trained Models: Pre-trained models for replicating our classification results.
- Supplementary Scripts: Tools for data preprocessing, analysis, and visualization.
- Docker Setup: A containerized environment to execute the fuzzers on the provided APIs, enabling users to replicate or generate the dataset independently.
The Docker container is designed to streamline the execution of fuzzers against the five custom APIs developed for our study. This setup is particularly useful for:
- Reproducing Results: Users can replicate the dataset used in the paper by executing the fuzzers with the provided scripts.
- Generating New Data: The container allows users to regenerate the entire dataset or customize the fuzzing process for their own experimentation.
The APIs, built following the OpenAPI specification, represent diverse scenarios, including CRUD operations, OAuth2 flows, and IoT interactions, making them ideal for evaluating fuzzing techniques.
cd path/to/docker_fuzzing
docker buildx build --platform linux/amd64 -t image_fuzzing:1.0.0 .
Note: Be sure to include the . (dot) at the end of the command.
Save the image:
docker save -o image_fuzzing.img image_fuzzing:1.0.0
Load the saved image:
docker load -i path/to/docker_fuzzing/image_fuzzing.img
Run the container while mounting the data directory:
docker run -v path/to/docker_fuzzing/data:/docker_fuzzing/data --name container_fuzzing -d image_fuzzing:1.0.0
e.g.
docker run -v D:/ag/github/fuzzing/docker_fuzzing/data:/docker_fuzzing/data --name container_fuzzing -d image_fuzzing:1.0.0
Attach to the running container to execute bash commands:
docker exec -it container_fuzzing bash
tshark -i [interface_name] -w /path/to/pcap
e.g.
tshark -i eth0 -w /docker_fuzzing/data/dump.pcap
python3 /docker_fuzzing/tools/ja4-0.18.4/python/ja4.py [parameters]
The following scripts execute each fuzzer iteratively on the APIs:
- APIFuzzer:
/docker_fuzzing/scripts/bash_script_to_run_APIFuzzer_Iteratively.sh
- Kiterunner:
/docker_fuzzing/scripts/bash_script_to_run_Kiterunner_Iteratively.sh
- RESTler:
/docker_fuzzing/scripts/bash_script_to_run_RESTler.sh
Note: RESTler provides built-in time-setting functionality.
- Schemathesis:
/docker_fuzzing/scripts/bash_script_to_run_Schemathesis_Iteratively.sh
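A host-side wrapper for the capture and fuzzer steps above, as an added example that is not part of the repository: it starts tshark inside the container, runs one fuzzer script, and stops the capture so each pcap holds a single fuzzer's traffic. The pcap naming scheme, the use of `eth0`, and the `--all` switch are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the repository): one labelled pcap per fuzzer run.
set -eu

CONTAINER="${CONTAINER:-container_fuzzing}"  # name used in the docker run step
IFACE="${IFACE:-eth0}"                       # assumption: interface from the tshark example
DATA_DIR="/docker_fuzzing/data"              # data directory mounted from the host

# Map a fuzzer name to the script path listed above.
script_for() {
  local dir="/docker_fuzzing/scripts"
  case "$1" in
    APIFuzzer|Kiterunner|Schemathesis)
      echo "$dir/bash_script_to_run_${1}_Iteratively.sh" ;;
    RESTler)
      echo "$dir/bash_script_to_run_RESTler.sh" ;;
    *)
      echo "unknown fuzzer: $1" >&2; return 1 ;;
  esac
}

# Hypothetical naming scheme: <fuzzer>_<timestamp>.pcap under the data directory.
pcap_for() { printf '%s/%s_%s.pcap\n' "$DATA_DIR" "$1" "$2"; }

# Capture while the fuzzer script runs, then stop tshark so the file is flushed.
capture_run() {
  local fuzzer="$1" script pcap rc=0
  script="$(script_for "$fuzzer")" || return 1
  pcap="$(pcap_for "$fuzzer" "$(date -u +%Y%m%dT%H%M%SZ)")"
  docker exec "$CONTAINER" bash -c '
    tshark -i "$1" -w "$2" & cap=$!
    sleep 2                       # let the capture start before traffic flows
    bash "$3"; rc=$?
    kill -INT "$cap"; wait "$cap" 2>/dev/null
    exit "$rc"
  ' _ "$IFACE" "$pcap" "$script" || rc=$?
  echo "$fuzzer: exit=$rc pcap=$pcap"
  return "$rc"
}

# Run every fuzzer only when called with --all, e.g. ./capture_runs.sh --all
if [ "${1:-}" = "--all" ]; then
  for f in APIFuzzer Kiterunner RESTler Schemathesis; do
    capture_run "$f" || echo "continuing after failure in $f" >&2
  done
fi
```

Because the data directory is mounted from the host, the resulting pcap files appear under path/to/docker_fuzzing/data once each run finishes.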
For questions or issues, please refer to the documentation or contact us through the repository.